

IT’S TIME TO DEMAND SECURITY BY DESIGN

If you’re not infusing security practices into your development efforts from the early stages, you are setting the stage for a risky and potentially devastating outcome: one where you lose valuable time and money, and expose your organization to security risk.

In our Cyber Moonshot paper we identified Security by Design as one of five essential elements of achieving cyber resilience: Security must be engineered into the core of every system from the start.

ADOPT A DEVSECOPS APPROACH

Over the past several years, DevOps has gained in popularity as a proven way to bridge the gap between developing and operationalizing applications. DevOps is an enabler that delivers automation, repeatability, agility and speed across the entire lifecycle.

Now, with DevOps in its mature state, Federal agencies have the momentum to embed security into the approach, creating a new DevSecOps model that transforms security into another enabler for the business.


Embracing DevSecOps allows Federal agencies to:

  • Drive agile development

  • Bring all stakeholders to a high level of security understanding in a short period of time

  • Ensure security is “baked in” from the beginning

Ultimately, security becomes everybody’s job, speed to delivery is enhanced, budget is maximized . . . and there is no surprise ending.

Gus Hunt
Managing Director, Cyber Strategy Lead
Accenture Federal Services

THINGS YOU CAN DO RIGHT NOW

Whether or not your organization is ready to embrace DevSecOps now, every agency can benefit from a close examination of its current application security practices. To balance business needs with security risks, start by focusing on these key areas:

SET AND ENABLE STANDARDS

Develop a secure technical architecture integrated within the overarching business and security architecture.

Identify the necessary training and tooling to enable developers to effectively implement standards.

MODEL THREATS TO ASSESS RISK

Gain an understanding of the context in which an application will be used and the infrastructure in which the application will operate.

Assess the likelihood that a system will be a target and develop appropriate safeguards through threat modeling.

Develop security testing approaches that can be included in automated testing scenarios.

TEST TO IDENTIFY VULNERABILITIES

Make testing a part of every development sprint.

Use basic testing to identify and flag areas with common mistakes, and complement this with static application security testing (SAST, or “white box testing”) to see if the application can be penetrated.

Implement dynamic application security testing (DAST) to evaluate security when an application is running.

ENSURING CYBER RESILIENCE

Security by design, DevSecOps, is one of the five essential technology pillars needed to shift the balance of power away from our adversaries and tip the scales in our favor.

In our Cyber Moonshot paper we outline our thinking about each of these pillars.

 

Application Security: Integrating dynamic defense into software development


LEADERSHIP

Gus Hunt
Managing Director, Cyber Strategy Lead
Accenture Federal Services

As former CTO for the CIA, Gus Hunt continues to help protect our nation’s most valuable data as Accenture cybersecurity lead. Read the Q&A to learn more about Gus and his vision for accelerating federal security.


Visit Accenture.com/Cyber to learn more about our Cyber offerings.
